Yubico comments on cyberattacks
With the news* that the construction group Interserve was fined £4.4 million by the government regarding a cyber-attack two years ago show, we ask Niall McConachie, Regional Director (UK & Ireland), Yubico (www.yubico.com) for his views on what organizations can do to mitigate the risks posed by cyber threats.

“Data breaches are one of the most serious security problems faced today, and Interserve is just one of many organizations to have experienced a cyber-attack that compromised its employees’ personal and financial information.”

“In order to make meaningful progress towards stopping the increasing level of attacks, organizations need to enforce frequent cybersecurity training that is up to date with the current threat landscape.  Our own findings show that employees recognize the need for better cybersecurity practices and the need for training to ensure they can identify scams and mitigate certain attacks themselves.”

“According to a recent Yubico survey (www.yubico.com/blog/yubico-unveils-results-of-inaugural-state-of-global-enterprise-authentication-survey-2022), 54% of employees are not required to go through frequent cybersecurity training and many respondents admitted to relying on username and passwords as their primary method to authenticate into accounts (59%).  With many others relying on legacy MFA solutions like one-time passwords, our research shows that 61% of employees believe their employers should upgrade to phishing resistant solutions that are able to withstand modern threats.”

“In addition to educating their workforce, organizations need to implement more modern and robust solutions.  Businesses should consider alternative user authentication measures like passwordless, strong two-factor and multi-factor authentication (2FA/MFA) solutions, which have proven to be the most effective options for business-wide cybersecurity.  These solutions are user friendly and bridge the gap between internal and external user authentication.  In fact, FIDO2 Security Keys are now viewed as the gold standard when it comes to phishing resistant authentication, mandated by standards bodies and even governments.”

“Only with thorough planning, training, and implementing effective cybersecurity along with modern authentication solutions will organizations have a better chance of protecting themselves from powerful and emerging cyber threats.”

* News source: www.theguardian.com/business/2022/oct/24/outsourcer-interserve-fined-4-point-4m-cyber-attack-failings-data-breach-personal-information